http://bugzilla.opensuse.org/show_bug.cgi?id=1184894

Bug ID: 1184894
Summary: VUL-0: CVE-2015-8011,CVE-2015-8012: lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
URL: https://smash.suse.de/issue/158400/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: atoptsoglou@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2015-8011

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.

CVE-2015-8012

lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.

References:
http://www.openwall.com/lists/oss-security/2015/10/16/2
http://www.openwall.com/lists/oss-security/2015/10/30/2

Upstream patch:
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd...

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1896498
https://bugzilla.redhat.com/show_bug.cgi?id=1896536
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8012
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8011
http://www.openwall.com/lists/oss-security/2015/10/30/2
http://www.openwall.com/lists/oss-security/2015/10/16/2
http://www.openwall.com/lists/oss-security/2015/10/18/2
http://seclists.org/oss-sec/2015/q4/198
https://access.redhat.com/errata/RHSA-2020:5611.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8011.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8012.html
https://access.redhat.com/errata/RHSA-2021:0931
https://access.redhat.com/errata/RHSA-2021:0988
https://access.redhat.com/errata/RHSA-2021:0931.html
https://access.redhat.com/errata/RHSA-2021:0988.html
https://access.redhat.com/errata/RHBA-2020:5306.html
https://access.redhat.com/errata/RHSA-2021:0028.html
https://access.redhat.com/errata/RHBA-2020:5307.html
https://access.redhat.com/errata/RHBA-2020:5311.html
https://access.redhat.com/errata/RHBA-2020:5310.html
https://access.redhat.com/errata/RHSA-2020:5615.html
https://access.redhat.com/errata/RHBA-2020:5310
https://access.redhat.com/errata/RHBA-2020:5311
https://access.redhat.com/errata/RHBA-2020:5306
https://access.redhat.com/errata/RHBA-2020:5307
https://access.redhat.com/errata/RHSA-2020:5611
https://access.redhat.com/security/cve/CVE-2015-8012
https://access.redhat.com/security/cve/CVE-2015-8011
https://access.redhat.com/errata/RHSA-2020:5615
https://access.redhat.com/errata/RHSA-2021:0028
http://www.debian.org/security/-1/dsa-4836
https://www.debian.org/security/2021/dsa-4836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011
https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d570...
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorap...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd...
https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7...
http://cve.mitre.org/cve/request_id.html
https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c4677...